[wp-trac] [WordPress Trac] #58303: Found Escaping Issue While Echoing Attribute Dynamic Value in HTML Attribute.
WordPress Trac
noreply at wordpress.org
Sat May 13 10:40:29 UTC 2023
#58303: Found Escaping Issue While Echoing Attribute Dynamic Value in HTML
Attribute.
------------------------------+-----------------------------
Reporter: mahamudur78 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Administration | Version:
Severity: normal | Keywords:
Focuses: coding-standards |
------------------------------+-----------------------------
While examining the [https://github.com/WordPress/wordpress-
develop/blob/trunk/src/wp-admin/includes/dashboard.php#L269 \wp-
admin\includes\dashboard.php] file in WordPress, I discovered an escaping
issue when echoing a dynamic value of an attribute (such as "class") in an
HTML attribute. Specifically, the issue is located on line 269 of that
file. Based on my observation, I believe that the dynamic value should be
properly escaped to prevent potential syntax errors or security
vulnerabilities.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/58303>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list